The European Central Bank has given eurozone banks until October 31 to submit plans outlining how they will defend against AI-enabled cyber threats, reflecting growing concern among regulators over the impact of artificial intelligence on financial stability.
Regulators Raise The Alarm On AI-Powered Cyber Risk
The ECB’s directive comes as increasingly sophisticated AI models are expanding cyber capabilities, raising concerns about the resilience of critical financial infrastructure.
Follow THE FUTURE on LinkedIn, Facebook, Instagram, X and Telegram
Some frontier AI systems, including Anthropic’s Mythos, have become so capable that access to them has been restricted, a limitation that currently applies to eurozone banks.
“These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology (ICT) systems,” the ECB said in a letter to bank chief executives.
Focus Shifts To Critical Systems
The central bank instructed lenders to prioritise internet-facing systems and other critical technology assets, including third-party software and open-source components. It also called for faster vulnerability management, stronger monitoring capabilities and improved cyber hygiene.
Beyond technical safeguards, the ECB urged banks to modernise ageing infrastructure and strengthen crisis management, recovery planning and information-sharing arrangements.
To support the initiative, the ECB has postponed a separate IT survey and said it may adjust inspections and other supervisory activities.
Cybersecurity Becomes A Financial Stability Issue
In a separate warning issued alongside the ECB’s letter, the European Systemic Risk Board (ESRB) said large-scale cyberattacks could undermine confidence in financial institutions and, in severe cases, trigger runs on banks or jurisdictions perceived as less secure.
“The ESRB considers these developments to be a source of systemic risks to the financial system,” the board said.
The report outlines a range of scenarios, from gradual losses of confidence in individual institutions to coordinated attacks targeting payment, clearing and settlement systems, potentially amplified by disinformation campaigns.
According to the ESRB, cyber incidents could spread rapidly through shared software providers and common technology platforms, allowing a single breach to escalate into a broader financial disruption.
A Growing Priority For Banks
The ECB’s latest guidance underscores how cybersecurity is becoming a core prudential issue rather than simply an operational concern.
As banks deepen their reliance on digital infrastructure, cloud services and third-party technology, regulators increasingly view cyber resilience alongside capital, liquidity and risk management as a key pillar of financial stability.